Dear all We verified the following files.We found that the setuid bit for all of them was on. ls -alE /bin/fomtlinc ls -alE /bin/fomtlout ls -alE /bin/crontab
-rwsr-xr-x --s- 2 OEDFLT 1 344064 Nov 12 2009 /bin/fomtlinc -rwsr-xr-x --s- 2 OEDFLT 1 344064 Nov 12 2009 /bin/fomtlout -rwsr-xr-x --s- 2 OEDFLT 1 344064 Nov 12 2009 /bin/crontab ^ setuid bit we issued 'TSO OMVS' command again. We got the same error messages as before When we checked the syslog,the following messages appear on the console: (these message also appear yesterday) ICH408I USER(IBMSE41 ) GROUP(#SPUSR ) NAME(DOMENG MENG /etc/utmpx CL(FSOBJ ) FID(01C2D4E2D3F0F200041A000000DB0000) INSUFFICIENT AUTHORITY TO OPEN ACCESS INTENT(RW-) ACCESS ALLOWED(OTHER R--) EFFECTIVE UID(0000999999) EFFECTIVE GID(0000000020) After ' ls -l /etc/utmpx ' comand was issued, the /etc/utmpx attribution was shown below: -rw-r--r-- 1 BPXOINIT #SYSSTC 2288 Jun 10 21:42 /etc/utmpx After we issued 'chmod 646 /etc/utmpx ' command and 'ls -l /etc/utmpx' comand , the /etc/utmpx attribution was shown now below: -rw-r--rw-- 1 BPXOINIT #SYSSTC 2288 Jun 10 21:42 /etc/utmpx we issued 'TSO OMVS' command again.Everything is normal. Our questions: When we issue 'tso lu IBMSE41 omvs' command,we get the omvs informations for userid (IBMSE41) below: OMVS INFORMATION ---------------- UID= 0000000000 HOME= / PROGRAM= /bin/sh CPUTIMEMAX= NONE ASSIZEMAX= NONE FILEPROCMAX= NONE PROCUSERMAX= NONE THREADSMAX= NONE MMAPAREAMAX= NONE But why EFFECTIVE UID is 0000999999 in the following messages ? Who changed IBMSE41 from UID(0) to UID(999999)? ICH408I USER(IBMSE41 ) GROUP(#SPUSR ) NAME(DOMENG MENG /etc/utmpx CL(FSOBJ ) FID(01C2D4E2D3F0F200041A000000DB0000) INSUFFICIENT AUTHORITY TO OPEN ACCESS INTENT(RW-) ACCESS ALLOWED(OTHER R--) EFFECTIVE UID(0000999999) EFFECTIVE GID(0000000020) Thanks a lot! Best Regards, Jason Cai 发件人: David Geib 发送时间: 2010-06-12 00:25:55 收件人: IBM-MAIN 抄送: 主题: Re: EDC5113I reason code = 053501B2 in/ /etc/utmpx Verify that these files have the setuid bit on: ls -alE /bin/fomtlinc ls -alE /bin/fomtlout -rwsr-xr-x --s- 2 SYSADM 1 344064 May 19 2009 /bin/fomtlinc -rwsr-xr-x --s- 2 SYSADM 1 319488 May 19 2009 /bin/fomtlout ^ setuid bit To turn the set-user-ID bit on, issue the following commands: chmod u+s /bin/fomtlinc chmod u+s /bin/fomtlout Also, see (older) INFO APAR II12726, as it may explain how the setuid bit got turned off for these files. If the /etc file system was mounted R/O, a different rsncode would surface: FSUM2378 The start of the session was not recorded. The slot (in /etc/utmpx) fo r this terminal could not be updated, or a new slot for the terminal could not b e created. Function = pututxline(), terminal name = '/dev/ttyp0000', program name = '/bin/f omtlinc', errno = 141 (X'0000008D'), reason code = 05620060, message = 'EDC5141I Read-only file system.' ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html